Here are some resources to study, learn, improve your skills on Microsoft SharePoint, SQL, Office 365, Azure:

Officially free:

• Microsoft Learn 
• Channel9 – case studies, recordings from Webinars, Conferences, Events etc. from SharePoint professionals 
• Office 365 training – for user, power users, site collection administrators
• MS Ignite 2017 – tons of on-demand video sessions
• Office Blogs – news etc. on SharePoint, Office 365 and Office
• Technet – documentation, articles
• MSDN Office Development
• SharePoint help Center
• (decomissioned) MVA (Microsoft Virtual Academy) – courses on all Microsoft technologies (including SharePoint) for users, developers and IT Pro

SharePoint gurus:

• https://www.youtube.com/user/ToddKlindtNetcast (Todd Klindt)
• http://www.toddklindt.com/ (Todd Klindt)
• http://www.andrewconnell.com/ (Andrew Connell)
• http://www.wictorwilen.se/ (Wictor Wilen)
• http://www.srinisistla.com/blog/ (Srini Sistla)
• http://blah.winsmarts.com/ (Sahil Malik)
• http://www.harbar.net/ (Spencer Harbar)
• http://www.askwictor.com/ (Wictor Wilén)
• http://blogs.technet.com/b/wbaer/ (Bill Baer)
• http://blog.geektrainer.com/search/label/SharePoint  (Christopher Harrison)
• http://www.jeremythake.com/ (Jeremy Thake)
• http://blogs.msdn.com/b/sharepoint_strategery/ (Brian Pendergrass aka bspender)
• http://blog.falchionconsulting.com/  (Gary Lapointe)
• https://absolute-sharepoint.com/microsoft-certification-study-guides – SharePoint/Microsoft 365 study guide (Vlad Catrinescu)
• https://www.helloitsliam.com – (Liam Cleary)
• https://blogs.technet.microsoft.com/stefan_gossner – (Stefan Gossner)
• https://blogs.technet.microsoft.com/pla/ – Product Line Architecture (PLA) Team Blog
• https://eightwone.com/ – Michel de Rooij with focus is on Exchange, Office 365, and PowerShell
• https://www.eliostruyf.com/ – Elio Struyf
• http://www.techmikael.com/ – Mikael Svenson – SharePoint and search

Courses on SharePoint (for money):

• http://www.pluralsight.com/tag/sharepoint
• www.cbtnuggets.com/
• http://www.lynda.com/
• https://www.opsgility.com/ (3-month free subscription for free Visual Studio Dev Essentials members)
• http://www.skillsoft.com/

SharePoint Certification:

• https://www.microsoft.com/learning/en-us/sharepoint-certification.aspx
• Microsoft Certification Roadmap 2015

SharePoint career builder/study guides:

https://absolute-sharepoint.com/microsoft-certification-study-guides – SharePoint/Microsoft 365 study guide (Vlad Catrinescu)

http://sharepointkitchen.blogspot.in/2014/05/sharepoint-interview-questions.html

There is a course on Pluralsight: Penetration Testing SharePoint by Liam Cleary.

Here are some fundamentals every SharePoint architect should know on “how to protect SharePoint environment”, from this course and from my personal experience.

Security basics

• audit environment, document it (annual, semi-annual)
• permission matrix and authentication flow (semi-annual, monthly) – using 3-rd party tools
• test environment security

Protect from the Scans

• Monitoring
• Access control (accounts, passwords, least permissions, audit)
• Port restriction (enable only required ports and protocols)
• Server firewall (including SQL, SharePoint, OOS, Workflow) + Isolation
• Local Computer Policies
• Network firewall (incl. edge firewall and internal firewall)

IIS – web.config

• <authentication …>
• <microsoft.identityModel>
• <location path …><allow users …>
• viewlsts.aspx – protect using <location path …><allow users …> on IIS level
• … CallStack …
• <CustomErrors …>
• <appSettings>

IIS

• Site – Authentication – Specific user
• Certificates – Binding

Central administration

• Web Applications – Web Application – User policies
• Web Applications – Web Application – Anonymous policies
• Web Applications – Web Application – Blocked file types
• Service Applications – Service Application – Administrators/Permissions
• Security – Farm Administrators

Roles

Architect, Support – should have farm-level access
Developer, Designer, End User, External – should not have farm-level access

Use personalized account for administration/support (do not use farm account or install account)

BTW, My opinion: Do not allow Developers any access to production farm.
The rights/responsibilities and dev workflow should be:

• SharePoint Developer: Dev farm for development, Dev-Test farm for self-testing
• SharePoint Tester: Test-farm for testing
• SharePoint Administrator: Pre-production farm and Production farm

If somebody combine roles – use different accounts and separation of roles.
 

SharePoint updates

• security updates
• public updates, cumulative updates (download)
• service packs, feature packs

Some useful PowerShell commands:

$subnet = "192.168.214"
$range = 223..225
$range | %{$ip = $subnet + '.' + $_; Test-Connection -Count 1 -ComputerName $ip -Quiet } | ?{$_ -eq $true} | %{Write-Host $ip " - Test OK"}

$port = 3389
foreach ($byte in $range) {
    $ip = "{0}.{1}" -F $subnet, $byte
    Write-Host "Testing NetConnection to $ip`:$port `- " -NoNewline
    $tnc = Test-NetConnection -ComputerName $ip -Port $port -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    Write-Host $tnc.TcpTestSucceeded
} 

Links:

• https://www.exploit-db.com
• http://angryip.org/ – network scanner
• https://nmap.org/ – free security scanner
• http://sparty.secniche.org/ – MS Sharepoint and Frontpage Auditing Tool
• https://www.metasploit.com/ – Penetration Testing Software
• https://www.cvedetails.com/ – Common Vulnerabilities and Exposures

Onboard-CloudHybridSearch.ps1 : Method invocation failed because [System.String] does not
contain a method named ‘SetProperty’.

Step-by-step script of my recent Hybrid SharePoint 2016 – Office 365 implementation:

Office 365 Prerequisites

• set and configure custom domain name
• synchronize users (e.g. like this)
• provide Office 365 licenses for hybrid users
• (for hybrid search or Sharepoint 2016 DLP) provide license for farm account

On-Premises AD prerequisites

• AD group “HybridUsers” for hybrid users

On-premises SharePoint Prerequisites

• managed metadata service application
• user profiles service application
  • user profiles are synchronized (incl. User Principal Name and Work email)
  • MySites
  • Audience for HybridUsers AD group
• app management service application
• subscription settings service application
• secure store service application
• SP1 + September 2015 CU

On-Premises AD prerequisites

• AD group “HybridUsers” for hybrid users

Certificates

• certificate to replace the default SharePoint STS certificate
  • no special requirements for subject
  • self-signed (lab/test)
  • public authority (production)

If you plan for inbound search of hybrid BCS – there are some more requirements

Steps:

Create S2S trust, i.e. trust relationship between on-premises SharePoint and Office 365.

• replace default STS certificate
• upload certificate to Office 365
• add SPN to Azure AD
• register SPO application principal
• set authentication realm (align this with high-trusted app environment)
• configure on-prem proxy for Azure AD

(scripts: https://technet.microsoft.com/library/dn197169.aspx)

Hybrid Sites and Hybrid OnDrive for Business

1. goto Office 365 admin center -> SharePoint admin
2. copy mysites site collection name (https://ecm-my.sharepoint.com)
3. goto on-prem SharePoint CA -> Office 365 -> Configure hybrid OneDrive…
   • enter “My Site URL” from “2” Office 365 mysites site collection name
   • (optional) enter specific audience – “hybrid users”
   • select hybrid features – “OneDrive only” or “OneDrive and Sites”

Hybrid Sites Hybrid OnDrive for Business warnings:

• you cannot activate hybrid sites w/o activating hybrid OneDrive for Business
• users need to re-follow migrated sites
• custom profile properties require additional steps
• existing mysites content will not be migrated – consider
  • 3-rd party tools or
  • PowerShell(?) or
  • manual “old sync->backup->.stop sync -> new sync -> restore from backup -> sync” for every user

Sources:

• Vlad Catrinescu, Implementing a Hybrid SharePoint 2013/2016 Infrastructure